Abstract:
Before promulgation of the Computer Crime Proclamation, Ethiopia did not have comprehensive computer crime law that could regulate computer abuse except six articles of the Ethiopian Criminal Code that tried to regulate few aspects of computer abuse; Antiterrorism Proclamation that regulated cyber terrorism and Telecom Fraud Offence Proclamation that deals with frauds committed through the use of telecom networks and service. The Computer Crime Proclamation entered into force as of July 7, 2016 by repealing the computer crime provisions of the code but leaving the provisions of the proclamations intact. Although it provides important provisions to protect individuals’ rights and cyber security that the code lacks, the proclamation created new controversial cybercrimes such as criminalization of online defamation and criminal liability of ISP that negatively affect freedom of expression and right to data privacy. It regulates cyberstalking and cyber security by vague provisions. It also provides wide discretion to investigative authorities to carry out warrantless sudden searches for real-time collection of evidence for preventive purposes without requiring them to establish whether the process is necessary and proportionate before an independent organ; order retention and collection of communication without warrant and extend the scope of a search warrant in some cases. Though the proclamations is not yet practically tested, this thesis exposes it to strict scrutiny under the standards of limitation of freedom of expression and right to data privacy. Though freedom of expression and right to privacy can be limited under limitation clauses provided in the FDRE Constitution and Human Rights Instruments that Ethiopia has ratified, by applying a normative legal research methods, this research found that Articles 13, 14, 16, 25(3), 30 and 32 of the Computer Crime Proclamation have irrationally, illegitimately and unnecessarily restricted freedom of expression and right to data privacy.